CLI
Declarative¶
Users can use RCTL to add IDP user(s) to the IDP Group(s) and view the list of groups
Create Group(s)¶
Use the following command to create a new group
./rctl create group <group_name>
Create User(s)¶
Use the following command to create a user for API only access
./rctl create user user_1@demo.com
Use the following command to create a user for Console access
./rctl create user user_1@demo.com --console First_Name,LastName
Add user to a Group¶
Use the following command to associate user to a group
./rctl create groupassociation <group_name> --associateusers <user>
Assign Role to the Project¶
To assign a role to a project, ensure a project and a group are created.
Use the following command to assign a base role to the project
./rctl create groupassociation <demo_group> --associateproject <demo-project> --roles PROJECT_ADMIN
To assign multiple base roles, use the following command
./rctl create groupassociation <group_name> --associateproject <project_name> --roles PROJECT_ADMIN,INFRA_ADMIN,INFRA_READ_ONLY
To assign custom roles, use the following command
./rctl create groupassociation <group_name> --associateproject <project_name> --customroles <role_name>
List of Base Roles
Here is the list of roles that can be assigned to a user:
- ADMIN
- ADMINISTRATOR_READ_ONLY
- CLUSTER_ADMIN
- CLUSTER_TEMPLATE_USER
- ENVIRONMENT_TEMPLATE_USER
- FINOPS_ADMIN
- INFRA_ADMIN
- INFRA_READ_ONLY
- NAMESPACE_ADMIN
- NAMESPACE_READ_ONLY
- PROJECT_ADMIN
- PROJECT_READ_ONLY
- WORKSPACE_ADMIN
- WORKSPACE_READ_ONLY
Get Group¶
Use the following command to get a group details
./rctl get groupassociation <group-name>
Example Output
./rctl get groupassociation demo_group
+---------------+---------------------------+
| PROJECT | ROLES |
+---------------+---------------------------+
| demo_group | ENVIRONMENT_TEMPLATE_USER |
+---------------+---------------------------+
Delete User¶
To delete a user from a group, use the below command
./rctl delete groupassociation <group_name> --dissociateusers <user>